So, I needed a way to “securely” (that’s always a nebulous word) store a firearm– namely a pistol– such that it could meet the following criteria:

Keep children’s and other family members’ hands off of the firearm

Stored in, on, or near a nightstand

Easily opened by authorized people under stress

Easily opened by authorized people in the dark

Not susceptible to power failures

Not susceptible to being “dropped open”

Not susceptible to being pried open

Not opened by “something you have” (authentication with a key) because the spouse is horrible at leaving keys everywhere.

For sale at a reasonable cost

An adversary should not know (hear) when the safe was opened by an authorized person

But I didn’t care a lot about the ability to keep a dedicated thief from stealing the entire safe with or without the firearm inside.

Read on at Securology to see how various products fail to fulfill this set of requirements. This example is illustrative in that it addresses several distinct threat aspects and tradeoffs. The pistol is not simply an asset needing protection, it is also by itself a security mechanism against certain threats. The resulting optimization problem is pretty interesting: keeping (some) unauthorized people from accessing the pistol while maintaining availability to the authorized in a practical sense.

Post navigation

2 thoughts on “Threat Modeling in Action”

Thanks for commenting/re-posting. This was something that I ordinarily would have left off the blog due to personal operational security, but I found the thought exercise to be good to keep to just myself.